Full Disclosure mailing list archives
Re: Expired certificate
From: bk <chort0 () gmail com>
Date: Fri, 23 Jul 2010 11:29:00 -0700
On Jul 22, 2010, at 10:12 PM, Marsh Ray wrote:
On 07/22/2010 10:40 PM, Dan Kaminsky wrote:
There are fundamental sources of these failures that are not just "people are stupid". Remember the tales of failed +$100M PKI deployments around the turn of the millenium?I can imagine a PKI project failing. But failing after $100M is spent can be only explained by business management problems. This is not a space program we're talking about after all, the PKI technology just isn't that risky.
It's not that it's risky, it's just that the techy people got all carried away with how it should work technically, and by the time they rolled it out to actual workers they realized that it was a usability disaster. No one is going to deal with that big of a disruption to how they perform their work on a daily basis. The biggest, grandest schemes always get torpedoed by the smallest human problems. So far as I know, the only environment PKI is really widely adopted in is the military, because they get to say "you WILL use this smartcard, soldier! YOU HAVE A PROBLEM WITH THAT?" Private sector workers can just say "Hah, I'll call that head-hunter back." Soldiers? Not so much...
Why do you think so much money got spent?Consultants!
Consultants: The people you call when you just can't admit the requirements were ridiculous, but are willing to burn a few million more dollars proving it conclusively.
The worst idea I've ever heard is probably this: http://news.techworld.com/security/3228198/obama-internet-kill-switch-plan-approved-by-us-senate/?olo=rss
Should go without saying. Oops. -- chort _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Expired certificate, (continued)
- Re: Expired certificate Junk Meat (Jul 16)
- Re: Expired certificate bk (Jul 16)
- Re: Expired certificate Junk Meat (Jul 17)
- Re: Expired certificate Dan Kaminsky (Jul 17)
- Re: Expired certificate Pavel Kankovsky (Jul 18)
- Re: Expired certificate Marsh Ray (Jul 20)
- Re: Expired certificate Dan Kaminsky (Jul 22)
- Re: Expired certificate Marsh Ray (Jul 22)
- Re: Expired certificate Dan Kaminsky (Jul 22)
- Re: Expired certificate Marsh Ray (Jul 22)
- Re: Expired certificate bk (Jul 23)
- Re: Expired certificate Meadow (Jul 23)
- Re: Expired certificate Marsh Ray (Jul 24)
- Re: Expired certificate Pavel Kankovsky (Jul 24)
- Re: Expired certificate Dan Kaminsky (Jul 24)
- Re: Expired certificate Dan Kaminsky (Jul 24)
- Re: Expired certificate Pavel Kankovsky (Jul 25)
- Re: Expired certificate Dan Kaminsky (Jul 25)
- Re: Expired certificate Marsh Ray (Jul 26)